# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: This file is auto generated by the elixir code generator program.
# Do not edit this file manually.

defmodule GoogleApi.ServiceBroker.V1.Model.GoogleIamV1_Policy do
  @moduledoc """
  An Identity and Access Management (IAM) policy, which specifies access
  controls for Google Cloud resources.


  A `Policy` is a collection of `bindings`. A `binding` binds one or more
  `members` to a single `role`. Members can be user accounts, service accounts,
  Google groups, and domains (such as G Suite). A `role` is a named list of
  permissions; each `role` can be an IAM predefined role or a user-created
  custom role.

  Optionally, a `binding` can specify a `condition`, which is a logical
  expression that allows access to a resource only if the expression evaluates
  to `true`. A condition can add constraints based on attributes of the
  request, the resource, or both.

  **JSON example:**

      {
        "bindings": [
          {
            "role": "roles/resourcemanager.organizationAdmin",
            "members": [
              "user:mike@example.com",
              "group:admins@example.com",
              "domain:google.com",
              "serviceAccount:my-project-id@appspot.gserviceaccount.com"
            ]
          },
          {
            "role": "roles/resourcemanager.organizationViewer",
            "members": ["user:eve@example.com"],
            "condition": {
              "title": "expirable access",
              "description": "Does not grant access after Sep 2020",
              "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
            }
          }
        ],
        "etag": "BwWWja0YfJA=",
        "version": 3
      }

  **YAML example:**

      bindings:
      - members:
        - user:mike@example.com
        - group:admins@example.com
        - domain:google.com
        - serviceAccount:my-project-id@appspot.gserviceaccount.com
        role: roles/resourcemanager.organizationAdmin
      - members:
        - user:eve@example.com
        role: roles/resourcemanager.organizationViewer
        condition:
          title: expirable access
          description: Does not grant access after Sep 2020
          expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
      - etag: BwWWja0YfJA=
      - version: 3

  For a description of IAM and its features, see the
  [IAM documentation](https://cloud.google.com/iam/docs/).

  ## Attributes

  *   `bindings` (*type:* `list(GoogleApi.ServiceBroker.V1.Model.GoogleIamV1__Binding.t)`, *default:* `nil`) - Associates a list of `members` to a `role`. Optionally, may specify a
      `condition` that determines how and when the `bindings` are applied. Each
      of the `bindings` must contain at least one member.
  *   `etag` (*type:* `String.t`, *default:* `nil`) - `etag` is used for optimistic concurrency control as a way to help
      prevent simultaneous updates of a policy from overwriting each other.
      It is strongly suggested that systems make use of the `etag` in the
      read-modify-write cycle to perform policy updates in order to avoid race
      conditions: An `etag` is returned in the response to `getIamPolicy`, and
      systems are expected to put that etag in the request to `setIamPolicy` to
      ensure that their change will be applied to the same version of the policy.

      **Important:** If you use IAM Conditions, you must include the `etag` field
      whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      you to overwrite a version `3` policy with a version `1` policy, and all of
      the conditions in the version `3` policy are lost.
  *   `version` (*type:* `integer()`, *default:* `nil`) - Specifies the format of the policy.

      Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
      are rejected.

      Any operation that affects conditional role bindings must specify version
      `3`. This requirement applies to the following operations:

      * Getting a policy that includes a conditional role binding
      * Adding a conditional role binding to a policy
      * Changing a conditional role binding in a policy
      * Removing any role binding, with or without a condition, from a policy
        that includes conditions

      **Important:** If you use IAM Conditions, you must include the `etag` field
      whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      you to overwrite a version `3` policy with a version `1` policy, and all of
      the conditions in the version `3` policy are lost.

      If a policy does not include any conditions, operations on that policy may
      specify any valid version or leave the field unset.
  """

  use GoogleApi.Gax.ModelBase

  @type t :: %__MODULE__{
          :bindings => list(GoogleApi.ServiceBroker.V1.Model.GoogleIamV1__Binding.t()),
          :etag => String.t(),
          :version => integer()
        }

  field(:bindings, as: GoogleApi.ServiceBroker.V1.Model.GoogleIamV1__Binding, type: :list)
  field(:etag)
  field(:version)
end

defimpl Poison.Decoder, for: GoogleApi.ServiceBroker.V1.Model.GoogleIamV1_Policy do
  def decode(value, options) do
    GoogleApi.ServiceBroker.V1.Model.GoogleIamV1_Policy.decode(value, options)
  end
end

defimpl Poison.Encoder, for: GoogleApi.ServiceBroker.V1.Model.GoogleIamV1_Policy do
  def encode(value, options) do
    GoogleApi.Gax.ModelBase.encode(value, options)
  end
end
